At present, what exactly was patched is not immediately obvious from syspatch output, which could be annoying for administrators who want to take some action based on what was changed (restart daemons linked to patched libraries, etc.). Could a -v option for syspatch (patch below), causing it to print a message for each altered file, be a good idea? Alternatively, perhaps there could be a hint, either in syspatch's output or in the FAQ/manpage, that administrators should consider reading each source patch to get an idea of what changed.
Note that the below patch will print a notice for each new or altered file, including the archived source patches. I think that's a feature, in that it calls attention to their presence. Index: syspatch.8 =================================================================== RCS file: /cvs/src/usr.sbin/syspatch/syspatch.8,v retrieving revision 1.18 diff -u -p -r1.18 syspatch.8 --- syspatch.8 9 May 2017 12:23:04 -0000 1.18 +++ syspatch.8 29 Jun 2017 16:56:12 -0000 @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: May 9 2017 $ +.Dd $Mdocdate: Jun 29 2017 $ .Dt SYSPATCH 8 .Os .Sh NAME @@ -22,7 +22,7 @@ .Nd manage base system binary patches .Sh SYNOPSIS .Nm syspatch -.Op Fl c | l | R | r +.Op Fl c | l | R | r | v .Sh DESCRIPTION .Nm is a utility to fetch, verify, install and revert @@ -50,6 +50,8 @@ List installed patches. Revert all patches. .It Fl r Revert the most recently installed patch. +.It Fl v +Verbose mode; print a message for each new or modified file. .El .Sh FILES .Bl -tag -width "/bsd.syspatch${OSrev}" -compact Index: syspatch.sh =================================================================== RCS file: /cvs/src/usr.sbin/syspatch/syspatch.sh,v retrieving revision 1.114 diff -u -p -r1.114 syspatch.sh --- syspatch.sh 9 Jun 2017 07:37:38 -0000 1.114 +++ syspatch.sh 29 Jun 2017 16:56:12 -0000 @@ -26,7 +26,7 @@ sp_err() usage() { - sp_err "usage: ${0##*/} [-c | -l | -R | -r]" + sp_err "usage: ${0##*/} [-c | -l | -R | -r | -v]" } apply_patch() @@ -163,6 +163,8 @@ install_file() eval $(stat -f "_fmode=%OMp%OLp _fown=%Su _fgrp=%Sg" ${_src}) + [[ ${_VERBOSE} ]] && echo "installing new/changed file ${_dst}" + install -DFSp -m ${_fmode} -o ${_fown} -g ${_fgrp} ${_src} ${_dst}} 
@@ -175,6 +177,8 @@ install_kernel() [[ ${_kern##*/} == bsd ]] && _bsd=bsd.sp || _bsd=bsd fi + [[ ${_VERBOSE} ]] && echo "replacing kernel with ${_kern##*/}" + install -FSp ${_kern} /${_bsd:-${_kern##*/}} } @@ -308,12 +312,13 @@ readonly _BSDMP _KERNV _MIRROR _OSrev _P trap 'set +e; rm -rf "${_TMP}"' EXIT trap exit HUP INT TERM -while getopts clRr arg; do +while getopts clRrv arg; do case ${arg} in c) ls_missing ;; l) ls_installed ;; R) while [[ -n $(ls_installed) ]]; do rollback_patch; done ;; r) rollback_patch ;; + v) _VERBOSE=yes ;; *) usage ;; esac done
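
Review bot: in the syspatch.8 SYNOPSIS hunk, ".Op Fl c | l | R | r | v" presents -v as one more mutually exclusive alternative, while the new ".It Fl v" entry describes a modifier that only changes what the install step prints. A separate ".Op Fl v" ahead of the existing alternatives, plus a sentence in the -v entry naming the operations it affects, would match what the script does. The usage() string in syspatch.sh has the same problem.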
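
Review bot: in the install_file() hunk the echo runs before "install -DFSp ...", so "installing new/changed file ${_dst}" is printed even when the install that follows fails. An administrator who restarts daemons based on this output needs a list of files that actually changed, so move the echo after the install line or reword it to make clear it is an attempt. The description also says the notice fires for the archived source patches, and the message gives no way to tell those from live system files.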
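
Review bot: in the install_kernel() hunk the message prints only the source name (${_kern##*/}), but the install line below it writes to /${_bsd:-${_kern##*/}}, which is bsd.sp or bsd whenever _bsd was set in the branch above. The output therefore never says which kernel file on disk was replaced. Print the destination as well, for example by echoing the same /${_bsd:-${_kern##*/}} expression the install line uses.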
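
Review bot: in the getopts hunk, "v) _VERBOSE=yes ;;" is set inside the same loop that runs the c, l, R and r actions as each option is parsed, so -v only affects options that come after it on the command line; "syspatch -r -v" performs the rollback before _VERBOSE is set. Either document that -v must be given first, or collect the flags in the loop and run the selected action after it. _VERBOSE is also never initialized in the visible lines, so a value inherited from the environment turns verbose output on; an explicit empty assignment before the loop would avoid that.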